Last week the Office of the Australian Information Commissioner
released a new Guide to developing a data breach response
plan. Given that the two enforceable undertakings that
have been given to date to the Commissioner in relation to privacy
breaches have both concerned breaches that were not discovered by
the relevant company and not dealt with on a timely basis, it is
unsurprising that there is a need to issue an updated guide.
The guide is short, only 9 pages, and has a valuable check-list
of issues at page 8. It also helpfully cross-references to
the Commissioner's Data breach notification guide: A guide
to handling personal information security breaches.
While the data breach notification guide deals with the substantive
steps to be taken once a breach is discovered, the Guide to
developing a data breach response plan considers the way in
which organisations can plan to better manage such circumstances
including ensuring they have a breach response team who understand
their roles and have clear reporting lines.
Organisations that have experienced a data breach will be aware
that the need for swift and clear action means planning in advance
is a high priority. Where executives across a range of
responsibilities understand their respective roles and can
co-ordinate clearly, then all of the issues relating to dealing with
the breach and minimising the harm can be dealt with in a timely

There is an old saying "a stitch in time saves
nine". Spending some time now to determine a response
plan and addressing each of the issues raised in the
Commissioner's check-list will be invaluable in the event of a

The statistics that are released year on year by
the relevant surveys indicate the likelihood of a breach is not a
question of "if" but a question of "when".
Holding Redlich has experience assisting companies in dealing
with breaches, notifying affected individuals, reviewing systems to
contain the breach, to prevent future breaches and to improve the
range of security responses an organisation has in such

If you have any concerns about your organisation's ability
to respond, we would be happy to work through the check-list with

This publication does not deal with every important topic or
change in law and is not intended to be relied upon as a substitute
for legal or other advice that may be relevant to the reader's
specific circumstances. If you have found this publication of
interest and would like to know more or wish to obtain legal advice
relevant to your circumstances please contact one of the named